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DETAILED ACTION 

1 . This action is responsive to communications: application, filed 9/30/2003; 
amendment filed 7/2/2009. 

2. Claims 1-30 are pending in the case. 

3. All claims have been amended. 

Drawings 

4. The corrected drawing for figure 3 was received on 7/2/2009. The 
drawing is acceptable. 

Response to Arguments 

5. Applicant's amendment to claim 1 5 overcomes the objection. The 
objection is hereby withdrawn. 

6. Regarding rejection of claims 8-1 2 and 24-29, applicant argues that the 
specification paragraph [0044] defines the layer key. However, said paragraph 
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merely identifies how a layer key may be used. There is nothing in that 
paragraph that defines characteristics or particulars of a layer key as 
distinguished over a key. The rejection clearly states that the characteristics of a 
layer key in comparison with a general key are not defined. The one skilled in art 
understands the usage of a key for encryption. There is nothing in the 
specification, or applicant's argument that defines how a layer key is different or 
distinguished from a (general) key. Accordingly, applicant's argument is non- 
persuasive. 

7. Applicant's argument regarding prior art rejection is moot in view of the 
new ground of rejection outlined as follows. Note that the amendments have 
caused grounds for an additional rejection under section 112 2nd paragraph. 

Claim Rejections - 35 USC §112 

8. The following is a quotation of the second paragraph of 35 U.S.C. 1 12: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

9. Claims 8-12, and 24-29 are rejected under 35 U.S.C. 112, second 
paragraph, as being indefinite for failing to particularly point out and distinctly 
claim the subject matter which applicant regards as the invention. 

Claims are directed to layer-encrypted data blocks, however, the 
characteristics and attributes of layer-encrypted data blocks are not determined, 
and therefore it is unknown how they further limit the claim. In describing layer- 
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encrypted data blocks, applicant's Specification is directed to figure 7 and states: 
"As illustrated in Figure 7, an encrypted data block or group of encrypted data 
blocks encrypted with a layer key is a layer-encrypted data block. For example, 
layer-encrypted data blocks A-C (500-504) 

are encrypted with layer key (524) and layer-encrypted data blocks D-G (506- 
512) 

are encrypted with layer key (522)." However, the Specification has no definition 
or description of a layer key, and therefore, the characteristics and features 
associated with a layer-encrypted data block, and how it is distinguished from an 
ordinary encrypted data block are not clear. 

1 0. Claims 1 -30 are rejected under 35 U.S.C. 1 1 2, second paragraph, as 
failing to set forth the subject matter which applicant(s) regard as their invention. 
Evidence that claims 1-30 fail(s) to correspond in scope with that which 
applicant(s) regard as the invention can be found in the reply filed 7/2/2009. In 
that paper, applicant has stated that support for the new limitations can be found 
in paragraphs [0031] and [0034]. This statement indicates that the invention is 
different from what is defined in the claim(s) because the embodiments identified 
in said paragraphs clearly indicate that the encrypted hash data is used as 
means to verify if the user has write permission, and only after verification, the 
user is allowed to modify data by writing. The verification requires that the 
encrypted hash data is associated with the user key, and that key is made 
available to the user who has write permission only. The claim includes storing 
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an encrypted hash data, but there is no association between encrypted hash 
data (as claimed) and user key. In other words, an encrypted hash data could be 
any encrypted hash data, without any association with the user or his/her keys. 
This makes the verification ineffective, and therefore inoperable. It is noteworthy 
that the claimed invention does make an association between the key of a user 
having read permission (private key is made available to the second user) and 
the stored data. 

Claim Rejections - 35 USC § 103 

1 1 . The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for 
all obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described 
as set forth in section 102 of this title, if the differences between the subject matter sought to 
be patented and the prior art are such that the subject matter as a whole would have been 
obvious at the time the invention was made to a person having ordinary skill in the art to which 
said subject matter pertains. Patentability shall not be negatived by the manner in which the 
invention was made. 

12. Claims 1- 4, 13, 14, 15, 19-23, and 30 rejected under 35 U.S.C. 103(a) as 
being unpatentable over Rothrock (US 7,149,900) hereinafter called Rot in 
view of Scheidt (US Patent No. 6,490,680) and further in view of Zheng 
(US Patent No. 6,556,994). 

12.1 . As per claims 1 , Rot is directed to a method for re-encrypting encrypted 
data in a secure storage file system, comprising: 

obtaining selected encrypted data from the secure storage file system using a 
user data access record, wherein the user data access record comprises a 
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bitmap indicating which encrypted data is accessed by a first user (Rot col. 4 
lines 57-65 teaches a system for accessing an encrypted secure storage module. 
The system uses an agent's API to obtain properly authorized access (col. 5 
lines 29-32), and allows updating and re-encrypting the data in the secured 
memory. Rot, however, does not explicitly teach data access using a 
user data access record, wherein the user data access record comprises a 
bitmap indicating which encrypted data is accessed by a user. 

Zheng teaches using bitmap as user access data record (Fig. 2 and associated 
text). The example in figure 2 and its associated text shows a record of user 
access including a bitmap. Therefore, Zheng teaches data access using a 
user data access record, wherein the user data access record comprises a 
bitmap indicating which encrypted data is accessed by a user. 

Rot and Zheng are analogous art as they are both directed to data access 
management. At the time of invention, it would have been obvious to use the 
bitmap user data access record of Zheng in obtaining encrypted data in Rot's 
system. The motivation would be to use a well-practiced and easy to develop 
mechanism such as bitmaps in developing user data access record); 

decrypting the selected encrypted data using a first symmetric key to obtain 
selected data (Rot teaches access to encrypted data, decrypting and re- 
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encrypting data, but does not explicitly detail the type of keys, and data elements 
involved in encryption, decryption and re-encryption. 

Scheidt is directed to a system for controlling access to data. Scheidt uses keys 
to control access to information based on the role of users (col. 4 lines 15-31). 
Scheidt figures 1 and 2 describe the process of data encryption and decryption. 
Figure 2 and associated text describes the decryption of data which was 
encrypted in the system. Col. 17 lines 15-35 shows how encrypted data is 
decrypted. As shown in col. 3 lines 64-67, Scheidt teaches that both symmetric 
and asymmetric keys can be used for encryption and decryption); 
re-encrypting the selected data using a second symmetric key to obtain new 
encrypted data (Scheidt Fig. 1 and associated text, particularly, col. 16 lines 49- 
50, and 60-62, where it shows that the data is encrypted using the working split 
key. Note again that as mentioned above, Scheidt teaches use of symmetric and 
asymmetric keys for encryption and decryption. Also note that Rot teaches the 
need for re-encrypting data, and Scheidt teaches the associated details); 
Obtaining a public key associated with a private key (as mentioned above, 
Scheidt teaches both public and symmetric key cryptography for encryption of 
data. It also teaches using a key to encrypt an encryption key), Wherein the first 
user is denied access to the private key (Rot col. 9 line 30 to col. 10 line 67 
shows that the system provides each user with a set of labels and key splits 
useful in creating a working key. The working key allows encryption and 
decryption of data, which enables a user to read or write data. Each user is 
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provided the splits based on their role. Therefore, Scheidt teaches providing 
several keys to several users (first and second). As the rights of each user 
dictates the type of operation the user can perform, the keys of one user is not 
provided to another user. As mentioned above, Sheidt teches use of public key 
cryptography. Naturally, a first user is denied access to the private keys assigned 
to another (second) user); 

encrypting the second symmetric key using the public key to obtain a new 
encrypted symmetric key (Scheidt Fig.1 and 2 and associated text, where the key 
used to encrypt the data (working split) is encrypted. Note that as shown in Fig. 
2, the encrypted data is decrypted using the same working split that was used to 
encrypt the data (col. 17, lines 30-36). Furthermore, the working split was never 
stored in plain text. The elements of working split were encrypted (col. 16, lines 
50-65) and then decrypted to reconstruct the working split. Therefore, the 
working split was encrypted and then decrypted. In addition, Scheidt teaching of 
encrypting the elements of a key makes encrypting the key obvious); 
storing the new encrypted data and the new encrypted symmetric key if a second 
user has read permission, wherein the second user is allowed access to the 
private key (Scheidt teaches that the user who has read permission is provided 
with data elements necessary to perform data decryption: Scheidt col. 16 line 62 
to col. 17 line 1 1 shows information needed to decrypt the data is constructed 
and stored in the workstation and user Super Card. This information includes the 
working split, and the encrypted data. Column 16 lines 11-18 shows that Key 
splits and labels are used to determine who can encrypt and decrypt data. 
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Column 10 lines 60-64 shows that the user who has labels necessary to decrypt, 
has read permission . Therefore the user with read permission is provided with 
keys and labels to decrypt (see col. 16 lines 31-33). As mentioned above, the 
information needed to decrypt is provided to the user, and includes the working 
split and the encrypted data. Therefore, the working split and encrypted data is 
stored when user has read permission. 

Scheidt also teaches that determining if the user has read permission is made 
based on user credentials: The public key is a credential of the user, and Scheidt 
teaches using the user credentials in generation and construction of the split 
keys as explained above and noted in col. 16 lines 10-19); 
storing an encrypted hash data, the new encrypted data, and the new encrypted 
symmetric key if the second user has write permission (Fig. 1 shows that the 
plaintext data is hashed and encrypted. Similar to the read permission, the user 
must have write permission to encrypt (col. 16 lines 20-25, and col. 10 lines 60- 
64), and Scheidt provides the elements necessary to perform encryption to the 
user authorized to perform encryption (has write permission). As shown in figure 
1 and associated text, the encrypted data and the encrypted symmetric key are 
stored because they are necessary for accessing the data after a decryption 
process is performed). 

Scheidt and Rot are analogous art as they are both directed to a secure data 
access control system. At the time of invention, it would have been obvious to the 
one skilled in art to improve Rot's system of secure data access control during 
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the time when data is updated, by including the keys and labels of Scheidt to 
further secure the system by limiting access to users with proper permission 
(Scheidt col. 4 lines 15-30). 

1 2.2. Limitations of claim 20 are substantially the same as claim 1 , with the 
added limitation of a client device, wherein the client device comprises a client 
kernel for generating the key re-encryption event and a client application using 
the encrypted 

data. Rot in view of Scheidt teaches the added limitation: As shown in claim 1 , a 
re-encryption event will be followed by generation and re-encryption of keys, and 
therefore, it generates a key re-encryption event. Scheidt col. 2 lines 4-58 shows 
that a user device (client) can connect the server and access the server, which 
involves initiation of the method of claim 1. Therefore, Scheldt's user device 
(client) generates a key re-encryption event. Note also that Scheldt's user device 
includes an application which uses the encrypted data, and includes a kernel. 

1 2.3. Limitations of claims 1 3 and 30 are substantially the same as claim 1 , and 
directed to the hardware and apparatus performing the operations and steps of 
claim 1 . Rot in view of Scheidt also teaches hardware and apparatus necessary 
to perform operations and steps. 

1 2.4. As per claims 3 and 4, Rot in view of Scheidt is directed to the method of 
claim 1, wherein the write permission comprises at least one sub-division and the 
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sub-division is selected from a group consisting of insert, append, truncate, and 
delete (Scheidt allows modification of data when the user has write permission. 
The "write" operation is regarded as any general operation that involves data 
modification, which includes insert, append, truncate, and delete.) 

1 2.5. Limitations of claims 14, 1 5, 22 and 23 are substantially the same as 
claims 3 and 4. Also see rejection of claims 13 and 30. 

1 2.6. As per claim 2, Rot in view of Scheidt and Zheng are directed to user data 
access record comprising a bitmap for each user (see rejection of claim 1). 

1 2.7. Limitations of claims 1 9 and 21 are substantially the same as claim 2. Also 
see rejection of claims 13 and 30. 



13. Claims 5-7, 16-18 are rejected under 35 U.S.C. 103(a) as being 

unpatentable over Rothrock (US 7,149,900) hereinafter called Rot in view 
of Scheidt (US Patent No. 6,490,680), further in view of Zheng, and further 
in view of Quarato (US Patent No. 6,253,205). 

1 3.1 . As per claims 5, 6 and 7, Rot in view of Scheidt is directed to the method 
of claim 1 , however, it does not explicitly teach wherein the secure storage file 
system is implemented using a preloaded shared library, wherein the preloaded 
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shared library translates read/write/file name accesses into different 
read/write/file name accesses, and the shared library includes functionality to 
map read/write/file name accesses to a custom-implemented file system. Quarto 
is directed to a translation framework, which performs data conversions (see 
abstract). Quarato col. 3 line 65 to col. 4 line 40 teaches a translator using 
shared libraries that can convert data objects (such as read/write/file name 
accesses), and map the data objects to work in a different platform (col. 4 lines 
25-30). At the time of invention, it would have been obvious to implement the 
system of Rot in view of Scheidt using the shared libraries as taught by Quarato. 
The motivation would be to include the benefits of the object oriented 
programming in the implementation of the system, as noted by Quarato col. 2 
lines 17-40. 

1 3.2. Limitations of claims 16,17 and 1 8 are substantially the same as claims 5, 
6, and 7. Also see rejection of claim 13. 

14. Claims 8-12, 24-29 are rejected under 35 U.S.C. 103(a) as being 

unpatentable over Rothrock (US 7,149,900) hereinafter called Rot in view 
of Scheidt (US Patent No. 6,490,680), further in view of Zheng, and further 
in view of Saito (US Patent No. 7,324,644). 

14.1. As per claims 8, 1 0 and 1 1 , the requirements of claims 8, 1 0 and 1 1 are 
substantially the same as claim 1 , and made obvious by Rot in view of Scheidt as 
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discussed above, expect that claim 8 requires re-encrypting layer-encrypted data 
blocks. As defined by applicant, layer-encrypted data blocks are data blocks 
encrypted by a layer key. Saito is directed to encrypting data using a layer key at 
col. 1 0, lines 1 0-18. At the time of invention, it would have been obvious to use 
the layer key as shown by Saito to perform the data encryption in the system of 
Rot in view of Scheidt. This is because using a layer key is just a design choice 
without limiting or disrupting the system, and it allows the system to work with 
Bluetooth compatible systems, as indicated by Saito. 

14.2. Limitations of claims 24, 26, 27 and 29 are substantially the same as 
claims 8, 10, and 1 1 . Note that claim 24 has the added limitation of a client 
device, wherein the client device comprises a client kernel for generating the key 
re-encryption event and a client application using the encrypted data. Rot in view 
of Scheidt teaches the added limitation: As shown in claim 1 , a re-encryption 
event will be followed by generation and re-encryption of keys, and therefore, it 
generates a key re-encryption event. Scheidt col. 2 lines 4-58 shows that a user 
device (client) can connect the server and access the server, which involves 
initiation of the method of claim 1. Therefore, Scheldt's user device (client) 
generates a key re-encryption event. Note also that Scheldt's user device 
includes an application which uses the encrypted data, and includes a kernel. 

14.3. As per claim 12, Scheidt col. 11 lines 15-20 teaches an authentication 
agent which provides the credentials (the layer key and new layer key). 
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1 4.4. Limitations of claim 28 are substantially the same as claim 12. Also see 
rejection of claim 13. 

1 4.5. As per claim 9, Rot in view of Scheidt and Saito is directed to the method 
of claim 8. Zheng also teaches a user data access record comprising a bitmap 
(see claim 1). 

1 4.6. Limitations of claim 25 are substantially the same as claim 9. Also see 
rejection of claim 13. 

Conclusion 

1 5. Applicant's amendment necessitated the new ground(s) of rejection 
presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. 
See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as 
set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire 
THREE MONTHS from the mailing date of this action. In the event a first reply is 
filed within TWO MONTHS of the mailing date of this final action and the advisory 
action is not mailed until after the end of the THREE-MONTH shortened statutory 
period, then the shortened statutory period will expire on the date the advisory 
action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be 
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calculated from the mailing date of the advisory action. In no event, however, will 
the statutory period for reply expire later than SIX MONTHS from the date of this 
final action. 

16. Any inquiry concerning this communication or earlier communications from 
the examiner should be directed to Farid Homayounmehr whose telephone 
number is (571) 272-3739. The examiner can be normally reached on 9 hrs Mon- 
Fri, off Monday biweekly. 

If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, Edan Orgad can be reached on (571) 272-7874. The fax 
phone number for the organization where this application or proceeding is 
assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR 
only. For more information about the PAIR system, see http://pair- 
direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll- 
free). 



Farid Homayounmehr 
11/18/2009 



Application/Control Number: 10/675,667 Page 16 

Art Unit: 2439 

/Edan Orgad/ 

Supervisory Patent Examiner, Art Unit 2439 



